Symantec evaluates Microsoft Agent ActiveX in MS CSRSS

Mumbai, Apr 11 (UNI) Microsoft today issued information on five new security bulletins, in addition to the out-of-cycle zero-day vulnerability issued on March 29 affecting Windows Anima ted Cursor remote code execution.

''Symantec views these patches as critical because there is an increased potential for exploitation since these vulnerabilities affect multiple versions of Microsoft Windows, including Windows Vista,'' Vince Hwang, group product manager, Symantec Security Response in a statement here said.

''Symantec always recommends that users download the available Microsoft patches to mitigate the security risks and to optimize and protect their systems from attacks,''he said.

Symantec Security Response rates the Microsoft Agent vulnerability to be the most critical of the security bulletins since a successful exploit could allow an attacker to install malicious code of his/her choice and potentially allow the attacker to gain complete control of the affected system in the worst case scenario.

Since ActiveX controls run on a significant number of systems, this vulnerability may be readily susceptible to attackers when users visit malicious Web sites.

This client-side remote code execution vulnerability affects the Microsoft Agent ActiveX component of Microsoft Windows 2000, Windows XP, and Windows Server 2003, the release added.

UNI